Abstract
It has always been a challenging problem to evaluate the security of cloud services. In this paper, we analyze this problem exploiting the loss expectation by illegal attack in a quantitative way. With one of the key cloud services, storage cloud services based on key–value pairs (SCSKP for short), we quantify the protection ability with the Markov model analysis on the possibilities of various illegal attack. The loss expectation caused by the illegal attack will be calculated based on the analysis and then be used to quantify the resistance ability of SCSKP against such attacks, which serves as a metric to evaluate the security of the cloud service. We provide three series of experiments are exploited to test the expectation of losses. The results show that our method is valid and able to reflect the security situation of the cloud service.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Armbrust M, Fox A, Griffith R et al (2010) A view of cloud computing. Commun ACM 53(4):50–58
Arshad J, Tpwnend P, Jie Xu (2013) A novel intrusion severity analysis approach for clouds. Futur Gener Comput Syst 29(1):416–428
Calheiros RN, Ranjan R, Beloglazov A, et al. (2011) CloudSim: a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms. Software 41(1):23–50
Changqing C, Xiaobin P, Heng Z, Yunsheng L (2011) A semi-markov evaluation model for the survivability of real-time database with intrusion tolerance. Chin J Comput 34(10):1907–1916
Fengzhe Z, Jin C, Haibo C, Binyu C (2011) Lifetime privacy and self-destruction of data in the cloud. J Comput Res Dev 48(7):1155–1167
Grobauer B, Walloschek T, Stocker E (2011) Understanding cloud computing vulnerabilities. IEEE Secur Priv 9(2):50–57
Hu P, Li Z, Peng JK (2011) Application research of distributed firewall based on intrusion detection. Microelectron Comput 28(6):126–130
Jianming Z, Raghunathan S (2009) Evaluation model of information security technologies based on game theoretic. Chin J Comput 32(4):828–834
Kandukuri BR, Paturi VR, Rakshit A (2009) Cloud security issues[C]. In: Proceedings of 2009 IEEE international conference on services computing 517–520
Kun Z, Qingzhong L, Yuliang S (2010) Research on data combination privacy preservation mechanism for saas. Chin J Comput 33(11):2044–2054
Morsy MA, Grundy J, Muller I (2010) An analysis of the cloud computing security problem. In: Proceedings of APSEC 2010 Cloud Workshop
Pamies-Juarez L, García-López P, Sánchez-Artigas M, Herrera B (2011) Towards the design of optimal data redundancy schemes for heterogeneous cloud storage infrastructures[J]. Comput Netw 55(5):1100–1113
Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11
Teneyuca D (2011) Internet cloud security: the illusion of inclusion. Inf Secur Tech Rep 16(3–4):102–107
Wang L, Laszewski GV, Younge A, He X, Kunze M, Tao J, Fu C (2010) Cloud computing: a perspective study. N Gener Comput 28(2):137–146
X-Scan[DB/OL]. http://www.xfocus.net/projects/X-Scan/index.html, 2005-07-18/2014-10-25
Zhang Q, Cheng L, Boutaba R (2010) Cloud computing: state-of-the-art and research challenges. J Intern Serv Appl 1(1):7–18
Zissis D, Lekkas D (2012) Addressing cloud computing security issues. Futur Gener Comput Syst 28(3):583–592
Acknowledgments
This research work was supported by Program for Natural Science Foundation of Jilin Province (20150101054JC), and Key Program for Science and Technology Development of Jilin Province (20130206052GX).
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by V. Loia.
Rights and permissions
About this article
Cite this article
Zhang, P., Liu, L., Zhang, R. et al. Loss evaluation analysis of illegal attack in SCSKP. Soft Comput 21, 515–524 (2017). https://doi.org/10.1007/s00500-015-1806-2
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00500-015-1806-2